Hello AdamRnarsson-2213,
Welcome to the Microsoft Q&A and thank you for posting your questions here.
I understand that you are having issue with Azure Data Explorer RLS function.
Regarding your explanations, I will advise to check the usage of the distinct operator within your RLS policy function first. Try to remove and see if the error persists.
This is an example your code snippet without distinct:
.create-or-alter function with (docstring = 'Restricts access to data.', folder = 'RLS') RestrictAccess(TableName: string) {
table(TableName)
| join kind=leftsemi (
AccessTable
| extend
current_member=case(
current_principal_is_member_of('aadgroup=00000000-BBBB-CCCC-DDDD-EEEEEEEEEEEE'), 'foo',
current_principal_is_member_of('aadgroup=11111111-BBBB-CCCC-DDDD-EEEEEEEEEEEE'), 'bar',
current_principal_is_member_of('aadgroup=22222222-BBBB-CCCC-DDDD-EEEEEEEEEEEE'), 'baz',
'unknown'
)
| where current_member == groupName
| project deviceId
) on deviceId
}
Then, make sure there is no implicit use of the summarize
operator within your function or any referenced functions and the AccessTable
is correctly formatted and does not contain any unexpected data that might cause issues during the join operation. Check out for more about rowl level security https://zcusa.951200.xyz/en-us/kusto/management/row-level-security-policy?view=microsoft-fabric and ingestion error https://zcusa.951200.xyz/en-us/azure/data-explorer/error-codes
I hope this is helpful! Do not hesitate to let me know if you have any other questions.
Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.